New cyberthreats such as AI-enhanced phishing can boost the profitability of attacks by up to 50-fold

November 5, 2025 — Microsoft has unveiled its 2025 Digital Defense Report, offering a sweeping view of the global cyberthreat landscape and providing critical insights for business leaders across Africa. Drawing from Microsoft’s unique vantage point and over 100 trillion daily security signals, the report highlights a significant expansion in the reach of cybercriminals over the past year, with a growing focus on North African countries. It also details how nation-state actors are refining their methods, harnessing artificial intelligence, exploiting trusted platforms, and targeting high-value industries with remarkable accuracy.

Nation-state actors and cybercriminals are increasingly active in North Africa, especially targeting government agencies, academic institutions, NGOs and think tanks, and critical infrastructure. China is a major actor targeting North Africa, particularly for espionage and influence operations.

Within this landscape, Morocco faces an increasingly complex and aggressive cyber threat environment, marked by 12.6 million web-based attack attempts in 2024, targeting both public institutions and critical private sectors such as finance, telecom, and manufacturing. The country ranks among Africa’s top targets for digital attacks, recording 26 nation-state cyber events between July 2024 and June 2025, placing it among the more actively targeted countries in the region.

Rapid adoption of cloud computing and AI has expanded the attack surface, with credential theft and ransomware attacks surging while human error remains a leading risk factor, with 52% of Moroccan companies citing employee awareness as a major challenge.

“Africa isn’t just a target, it has become a proving ground for the latest cyber threats,” said Salima Amira, Country Manager, Microsoft Morocco. “We’re witnessing attackers harness AI to craft phishing messages tailored to local languages and cultural contexts, impersonate trusted individuals, and exploit the very platforms we depend on. Many of these advanced tactics are first tested right here on the continent.”

Last year, in 80% of the cyber incidents investigated by Microsoft’s security teams, attackers targeted data theft, a trend primarily motivated by financial gain rather than intelligence gathering. According to the World Economic Forum’s Cybercrime Impact Atlas Report 2025, arrests have increased across 19 African countries. However, the total value of cybercrime surged dramatically from $192 million in 2024 to $484 million in 2025, and the number of victims increased from 35,000 to 87,000.

The Digital Defence Report highlights the growing proficiency of criminal methods, with Business Email Compromise (BEC) emerging as the most financially damaging threat. Although BEC accounted for just 2% of observed threats, it was the outcome in 21% of successful attacks, surpassing ransomware (16%). These attacks often begin with phishing or password spraying, followed by inbox rule manipulation, multi-factor authentication (MFA) tampering, and email thread hijacking; tactics that enable trust-building and privilege escalation.

The report also highlights a dramatic shift in attacker behavior, with adversaries now favoring multi-stage attack chains that blend technical exploits, social engineering, and infrastructure abuse. Tactics such as ClickFix, where users are tricked into manually executing malicious code, and impersonation via Microsoft Teams, are enabling attackers to bypass traditional defenses and gain remote access under the guise of IT support.

Artificial Intelligence is rapidly transforming the threat landscape. AI-enhanced phishing campaigns now achieve a 54 percent click-through rate – 4.5 times higher than traditional methods – and potentially boosting profitability by up to 50-fold. Attackers are deploying autonomous malware capable of lateral movement and privilege escalation without human oversight.

Meanwhile, AI-generated content is flooding digital spaces, overwhelming detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale. Microsoft reports a 195 percent global increase in AI-generated IDs used to bypass identity verification and exploit free trials or launch attacks from disposable tenants.

Leaders must recognize that cyber risks are a form of business risk and treat them accordingly. Solutions to help mitigate this risk include conducting security exercises, implementing key performance indicators tied to cyber hygiene, and cross-training teams to build resilience.

“This is a pivotal moment for African business leaders. Defenders must fundamentally rethink their approaches to cyber resilience. Relying on trust alone is no longer enough – familiar platforms and tools can be turned against us. Critical cyberattacks often unfold beyond the reach of traditional endpoint detection, and early warning signs like credential theft should be treated as indicators of potentially larger breaches.”

“By investing in comprehensive cybersecurity strategies and leveraging AI-powered defenses, Africa can position itself as a crucial front line against emerging threats and help build stronger, more resilient digital ecosystems,” Amira concludes.

Microsoft’s Secure Future Initiative, the largest cybersecurity engineering project in its history, is helping organizations in Africa build resilience against these emerging threats. The initiative is evolving the way Microsoft designs, builds, tests, and operates its products and services, to achieve the highest possible standards for security. Explore the full findings of the Microsoft Digital Defense Report 2025, with key insights and actions for cyber defense, here.